Privacy Policy
This Privacy Policy explains what information Rife Systems collects, how we use it, and your choices.
1. Information We Collect
Account information: email address, hashed password, account preferences (newsletter opt-in, time zone if provided).
Usage and security data: IP address, user agent (browser/device), accept-language header, session timestamps, and (for the Research Assistant) the questions you submit and the responses we return.
Audit trail: account events such as registration, sign-in, sign-out, password changes, newsletter subscription changes, and administrative actions.
Lead capture: if you submit your email on the /shop or /research-assistant pages, we record your email along with the page that submitted it, your IP, and user agent.
Gotcha wall submissions: if you submit a message on the /gotcha page, we collect your name, email, message, IP, user agent, and referrer. Your name and email are visible only to Matthew for moderation and never appear on the public wall — approved messages are posted anonymously. Pending submissions stay in queue until moderated; rejected submissions are retained for 90 days then deleted.
Google Analytics 4: we use Google Analytics (property ID G-2QF4QHWG89) on our public pages to understand aggregate traffic — which pages are visited, approximate geography, referrers, and device categories. Google receives your IP address and browser fingerprint as part of standard analytics. We do not connect GA traffic to your account identity; GA only sees anonymous visits. You can opt out by installing the Google Analytics Opt-out Browser Add-on, using a browser's "Do Not Track" setting, or blocking googletagmanager.com via your ad/tracker blocker. Analytics is NOT loaded on any authenticated page (account, admin, chat).
Besides GA, we do not use advertising trackers, session replay tools, or third-party analytics on this site.
2. How We Use Information
- To provide and operate the Service (authenticate you, return AI responses, deliver products).
- To send transactional emails (verification, password reset, account notices).
- To send marketing emails if you have opted in (and only until you opt out).
- To investigate abuse, fraud, account compromise, and violations of our Terms.
- To comply with legal obligations and respond to lawful requests.
- To improve the Service (in aggregate; we do not train AI models on individual chat content).
3. Sharing
We do not sell your personal information. We share information only with:
- Email delivery provider (Google Workspace) to send transactional and newsletter email.
- Network and hosting providers (Cloudflare for tunneling/DNS, our self-hosted infrastructure) as required to deliver the Service.
- Payment processors (e.g., Stripe) when you make a purchase. Your payment card details are handled directly by the processor and not stored by us.
- Legal compliance: if required by valid legal process or to protect rights, safety, or property.
4. Cookies and Local Storage
First-party cookies we set: rs_session (sign-in state), rs_csrf (CSRF protection, paired with sessions), and a short-lived TOTP marker cookie for admin sessions.
Third-party cookies set by Google Analytics on public pages (_ga, _ga_*) identify anonymous visits for aggregate traffic measurement. See section 1 for how to opt out. No other third-party cookies or advertising trackers are set.
5. Data Retention
- Account data: retained for the life of your account. When you delete your account from settings, your account record, sessions, and chat history are removed within 24 hours.
- Audit log: retained for 24 months for security and abuse-investigation purposes.
- Backup snapshots: may persist for up to 90 days after deletion.
- Email opt-out records: retained indefinitely so we can honor the opt-out even if you re-register.
6. Your Choices
- Newsletter: toggle in your account settings, or use the unsubscribe link in any newsletter email.
- Account deletion: available in your account settings.
- Access / export: email our operations inbox and we will provide a copy of the data we have associated with your account.
- Correction / rectification: you can change your email or password from your account; for other corrections, contact us.
7. EU/UK and Canadian Residents
If you are in the EU, UK, or Canada, you have additional rights under the GDPR / UK GDPR / PIPEDA, including the right to object to processing, request restriction, or lodge a complaint with your local supervisory authority. The legal basis for our processing is performance of our contract with you (account operation), our legitimate interest (security/fraud prevention), and your consent (marketing email).
8. Children
The Service is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.
9. Security
We use industry-standard practices including encrypted connections (TLS), hashed passwords (argon2id), strict admin access (TOTP), rate limiting, IP/email blocklists, and continuous audit logging. No system is perfectly secure; you are responsible for keeping your account credentials confidential.
10. Changes
We may update this Policy. Material changes will be communicated by email and/or in-product notice.
11. Contact
Privacy questions or requests: our operations inbox.